Authentication

All requests made to The Secure Gateway's REST API must occur over HTTPS and must be authenticated

To authenticate, you must set up an API Key and set its permissions based on your application’s needs. The API Key is a generated, unique value that is defined for each gateway account [Note: A gateway account can have multiple API Keys]. See Setting Up an API Key.

The main, preferred, method for authentication is by including an api_key header in the request. For Transaction requests, you can (optionally) authenticate by adding an api_key element to the main request object.